VLAN Tagging (Q in Q)

OK, here's the basic process is simple language:

1.) Frames leave your PC with no VLAN tag. 2.) Frames enter the access switchport and are looked up in the forwarding table for that VLAN only.

3.) At this point, one of a few things will happen. If it's a broadcast, multicast, or unknown unicast, it will be flooded to all switchports that are a member of that VLAN only.

If it is a known unicast within the VLAN, it will be forwarded to the appropriate switchport untagged. If the switchport is located on a different switch that is connected to the current switch via a 802.1q trunk, that switch will add a VLAN ID tag to the frames that are being forwarded to the port on the different switch.

If it is a known unicast outside the VLAN, it will be sent out the 802.1q trunk port tagged, to eventually be routed (if there is a router or L3 switch).

So does the switch remove the vlan 2 tag as it is sent to the destination non compatible 802.1q device? havohej your caps lock is stuck lol...

yes ROCKSTAR thats right the SWITCH untags the frame as it leaves the switchport to the destination device.

jajajajajaja sometimes, IT IS A MUST TO USE CAPSLOCK MEN!

IF YOU SET PORT 1 TO VLAN 2 DIRECTLY CONNECTED TO AN IP PHONE, AND THAT PHONE IS NOT 802.1Q COMPATIBLE , THE PHONE SENDS FRAMES (LEAVIN THE PHONE) UNTAGGED, SO WHEN IT ENTERS THE SWITCHPORT CONFIGURED AS VLAN 2 MEMBER, INMEDIATELY IT IS TAGGED AS VLAN 2 FRAMES.

This is incorrect.

Just because a port is assigned to a certain VLan doesn't mean its tagged immediatly on the switchport.

1.) Frames leave your PC with no VLAN tag. 2.) Frames enter the access switchport and are looked up in the forwarding table for that VLAN only.

3.) At this point, one of a few things will happen. If it's a broadcast, multicast, or unknown unicast, it will be flooded to all switchports that are a member of that VLAN only.

If it is a known unicast within the VLAN, it will be forwarded to the appropriate switchport untagged. If the switchport is located on a different switch that is connected to the current switch via a 802.1q trunk, that switch will add a VLAN ID tag to the frames that are being forwarded to the port on the different switch.

When I configure a port on a an HP switch to a single Vlan

vlan 2 untagged ethernet 25 (doing this takes port 25 out of the native vlan)

sh vlan 1 (port 25 will not appear since ive said you can only have 1 untagged port per port...)

sh vlan 2 (port 25 will appear as untagged port for non 802.1q device)

When I configure a port to use multiple VLans

Vlan 2 tagged ethernet 25 (doing this leaves port 25 in vlan 1 Untagged and adds port 25 to vlan 2 Tagged)

sh vlan 1 (port 25 will appear in vlan 1 as untagged)

Sh VLan 2 (port 25 will appear in vlan 2 as tagged so the 802.1q device will only get vlan 2 traffic)

So...If the destination port is set to vlan 2 "Untagged" the tag is stripped as you said(IF the tag is added by one of the examples given by jwj)to allow non 802.1q devices to work.

But If the Port is set to Tagged the 802.1q device needs the tag to seperate vlan traffic.

Bublitz wrote:


The native VLAN is used when a port is configured with multiple VLans 802.1q and there are devices connected to that port that doesn't support 802.1q.

EXSCUSE ME AGAIN, BUT THIS IS NOT TRUE, DONT KNOW WHERE YOU GET THAT INFO MEN???

I THINK ALMOST ALL DEVICES (END USER PCS) ARENT 802.1 Q COMPTIBLE, SO THEY DONT UNDERSTAND WHAT IS 8021Q TAGGING, THEY ONLY SEND FRAMES TO THE SWITCH, AND THE SWITCH MUST KNOW (DEPENDING IN THE SWITCH PORT CONFIG VLAN ) WHETHER IS MUTS TAG OR NOT A VLAN.

AS I EXPLAINED BEFORE, IF YOU HAVE NATIVE VLAN 1 FOR EXAMPLE, AND THE SWITCHPORT IS CONFIGURED AS ACCESS PORT FOR VLAN 1 MEMBER, IT DOESNT TAG THE FRAME.
IN THE SAME SCENARIO, IF THE SAME END USER PC, AND THE SAME SWITCHPORT IS CONFIGURED FOR ANOTHER VLAN EXPET NATIVE ONE, IT INMEDIATELY TAGS.

Yes thats true thats exactly what im saying...

Bublitz wrote:


The native VLAN is used when a port is configured with multiple VLans 802.1q and there are devices connected to that port that doesn't support 802.1q.

If a port is configured for multiple VLans it has to tagg the tagged vlan (configued in the switch).And I Quote from my self

You can only have 1 untagged VLan per port

SO the Ip phone will use vlan 2 traffic (tagged) and the PC or non 802.1q device will use the native or the untagged vlan traffic.

At the network switch there are two types of interfaces about VLAN, the Access and Trunk.
My question is where is happening the frame tagging, when the Ethernet frame arrives at an Access configured port or at an Trunk link?
I think that the Vlan tagging is happening only when the Ethernet frame traverse a trunk link, because at this case there are frames from all Vlans, so there must be a discrimination ID (Vlan ID- 12 bit). The Access link port of a Switch doesn’t need the Vlan tag as there is the VLAN table where there is an association between VLAN & port of switch. In this case the device is not going to use the 802.1q to tag the frame because the specific access port belongs to a specific VLAN and just the switch takes advantage of the VLAN Table (something similar to tha MAC table) to transfer the frame inside the VLAN.